Singaporean Blockchain Wallet Security Company Discovers New Type of Scam Targeting Centralized Exchanges

Fraudulent Transactions Exploit Wallet Vulnerability, Could Have Stolen More than $3 Million in TRX

Singapore, 6th August 2024, ZEX PR WIRE, CoinsDo, a Singaporean blockchain asset security company, has uncovered a sophisticated scam involving fake transactions and multiple smart contracts targeting major centralized cryptocurrency exchanges. While only a single successful instance of this scam has been confirmed, further analysis of the smart contracts in question revealed that the perpetrators initiated hundreds of these fake transactions, potentially defrauding exchanges, payment gateways, and centralized wallet companies of more than $3 million USD worth of TRX. 

It is highly possible that both firms who built their own wallet infrastructure as well as major wallet solution providers like Fireblocks are not adequately prepared to detect this type of fraudulent transfers. This presents a major operational loophole to be exploited by malicious actors.

The scam began with the perpetrator initiating a fraudulent TRX transfer to their deposit address on a centralized exchange. Through the use of multiple smart contracts, they were able to trick the exchange’s wallet infrastructure into validating the fraudulent transaction. This led the exchange to credit the equivalent amount of cryptocurrency to the perpetrator’s account, which they promptly liquidated for cash. 

The transaction looks just like a regular, successful transfer via smart contract.

The perpetrator had mass-triggered a smart contract (Smart Contract A) to initiate multiple transfers via a proxy smart contract (Smart Contract B) to roughly 100 end-user deposit addresses on various centralized exchanges

Smart Contract A was programmed to interact with Smart Contract B to initiate transfers as internal transactions, a sophisticated technique allowing the perpetrator to make fraudulent transactions appear legitimate. 

Graphical illustration on how the fraudulent transaction was made

What was so insidious about this fraudulent transaction was the fact that it could only be identified by a single parameter in the transaction data – “rejected”: true.

A tell-tale sign of a fraudulent transaction.

Malicious actors are getting more creative in their ways of stealing funds, targeting previously overlooked loopholes and vulnerabilities instead of private keys. Just look at the recent WazirX and Lmnl case, which resulted in losses over $230 million. This raises the question of whether wallet providers are overly focused on encryption technologies and algorithms, potentially at the expense of more practical security measures.

To better protect yourself from scams like the one mentioned, it is recommended that all wallet solution providers take extra care to verify transaction details, both internal and external, especially when smart contracts are involved. 

Source: https://www.coinsdo.com/en/blog/new-scam-alert-tron

The Post Singaporean Blockchain Wallet Security Company Discovers New Type of Scam Targeting Centralized Exchanges first appeared on ZEX PR Wire

Information contained on this page is provided by an independent third-party content provider. Binary News Network and this Site make no warranties or representations in connection therewith. If you are affiliated with this page and would like it removed please contact [email protected]

News

Come Support Mental Health Awareness with Mohamed Selim Coaching and Consulting (MSC²)

Support Mental Health Awareness with Mohamed Selim Coaching & Consulting (MSC²) New York, United States, 9th October 2022, ZEXPRWIRE, As a part of Mental Illness Awareness...

Balancing Your Beliefs and Finances: Insights from Mario Andre’s

Cicero, IL, 6th April 2023, ZEXPRWIRE, In an age of global inflation and creative redundancy, making ends meet with an average salary is difficult. The...

D-Central Strengthens its Position as North America’s Biggest Bitcoin Mining Repair Facility

Laval, Québec, Canada, 20th Sep 2022,  When your miner goes down, it hurts your overall investment. For this reason, you need to know where...

TRONAPP.SBS’ innovative cloud mining solution to maximize your cryptocurrency earnings, a game changer for crypto asset portfolios

London, United Kingdom, 19th Dec 2022 – TRONAPP.SBS, a subsidiary of Tron Limited, has announced the launch of its new cryptocurrency cloud mining platform....

Commseed Korea’s MUC Token Airdrop Ended in Huge Success: A Glimpse into Peachz.MOMO and Beyond

Commseed Korea and Hashlink have successfully launched the MUC airdrop event, focusing on creating an endless universe linking decentralized IPs like games and NFTs....

Smartproxy Introduces Static (ISP) Residential Proxies: Enjoy The Best of Both Worlds

London, UK, 15th June 2023, ZEX PR WIRE, Smartproxy, a leading provider of proxy and web data collection solutions, announces static (ISP) residential proxies...

NFTGo.io Launches Real-Time NFT API to Help Web3 Products Scale

NFTGo.io, an NFT data and trading aggregation platform, has launched the NFTGo Developers API with Real-time NFT Analytics, a new tool that provides real-time,...

Ray Comeau’s What Bad We Do : A Vision for Transformation and Enlightenment

Discovering the felonies and misdemeanors prevalent in our Society – Ray Comeau’s new book “What Bad We Do” offers solutions for a better tomorrow. Raritan,...

Saluting those who Serve: Active Duty Mother Supports Hispanic Communities with new Artisan Purse Venture

Arizona USA, October 8, 2020, ZEXPRWIRE, Sunvanasky Company is a  women-led venture run by a U.S. service member who seeks to empower female artisans...

CNPS Offers Top-Quality Fiberglass Equipment to Enhance Oil and Gas Production

Shandong, China, 30th March 2023, ZEXPRWIRE, CNPS, a leading provider of oil and gas equipment, has announced the launch of its new line of top-quality...